Frederic Beck <frederic.beck@xxxxxxxx> writes: > root@trunks:~/firewalling/iptables > % ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT > ip6tables: Unknown error 4294967295 I see the same problem with gentoo kernel 2.6.15-r2 and iptables 1.3.5, except that I also add the protocol # ip6tables -I INPUT 1 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT ip6tables: Unknown error 4294967295 strace shows this prior to the error socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3 getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0 getsockopt(3, SOL_IPV6, 0x41 /* IPV6_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [2328]) = 0 setsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2620) = -1 ENOENT (No such file or directory) write(2, "ip6tables: Unknown error 4294967"..., 36ip6tables: Unknown error 4294967295 ) = 36 I have connection tracking turned on in the kernel CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y # CONFIG_NF_CT_ACCT is not set # CONFIG_NF_CONNTRACK_MARK is not set CONFIG_NF_CONNTRACK_EVENTS=y # CONFIG_NF_CT_PROTO_SCTP is not set # CONFIG_NF_CONNTRACK_FTP is not set CONFIG_NF_CONNTRACK_IPV6=y # CONFIG_IP6_NF_QUEUE is not set CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_LIMIT=y CONFIG_IP6_NF_MATCH_MAC=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_MULTIPORT=y CONFIG_IP6_NF_MATCH_OWNER=y CONFIG_IP6_NF_MATCH_MARK=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AHESP=y CONFIG_IP6_NF_MATCH_LENGTH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_TARGET_NFQUEUE=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_MARK=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y
